October 10, 2023 at 09:54AM Gutsy, a new cybersecurity startup founded by the team behind Twistlock, has secured $51 million in seed-stage financing. The company plans to use process mining techniques to address security challenges and provide data-driven insights into an organization’s teams, tools, and processes. Gutsy aims to help security leaders make better decisions … Read more
October 10, 2023 at 09:54AM A new advanced persistent threat (APT) group called Grayling has been targeting Taiwanese organizations, as well as a government entity in the Asia-Pacific region and organizations in the US and Vietnam. The group likely operates from a region with a strategic interest in Taiwan, implying a possible link to China. … Read more
October 10, 2023 at 08:24AM Akamai’s security researchers have discovered a new Magecart web skimming campaign that incorporates three concealment techniques. One technique involves hiding malicious code in the targeted website’s ‘404’ error page. The campaign, which targets large organizations in the food and retail sectors, follows the typical Magecart pattern of exploiting vulnerabilities, injecting … Read more
October 10, 2023 at 08:24AM UK cable manufacturer Volex has been hit by a cyberattack, with unauthorized access to its IT systems and data. The company said there has been minimal disruption to production levels and no material financial impact is expected. Volex has engaged third-party consultants to investigate the incident. It is believed the … Read more
October 10, 2023 at 08:24AM Natalie Silvanovich, a member of Google’s Project Zero, discusses her work in finding and fixing zero-day vulnerabilities. Project Zero aims to make zero-day vulnerabilities difficult to exploit by attackers. Silvanovich explains the team’s disclosure policy, research process, and the necessary skills for being a successful researcher. She also touches on … Read more
October 10, 2023 at 04:33AM A study conducted by Secureworks revealed that cyber attackers are now deploying ransomware within 24 hours of gaining initial access to a victim’s environment. In nearly two-thirds of cases, ransomware was deployed within a day, and in over 10% of incidents, it was deployed within five hours. This marks a … Read more
October 10, 2023 at 02:18AM Threat actors are exploiting a critical flaw in Citrix NetScaler ADC and Gateway devices to conduct a credential harvesting campaign. The flaw, CVE-2023-3519, allows for remote code execution. Attackers are inserting a malicious script into the authentication web page and capturing user credentials. IBM X-Force has identified at least 600 … Read more